CVE-2026-24803
Infinite Loop Vulnerability in lede mt7615d Security Module

Publication date: 2026-01-27

Last updated on: 2026-01-27

Assigner: Government Technology Agency of Singapore Cyber Security Group (GovTech CSG)

Description
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in coolsnowwolf lede (package/lean/mt/drivers/mt7615d/src/mt_wifi/embedded/security modules). This vulnerability is associated with program files bn_lib.C. This issue affects lede: through r25.10.1.
Meta Information
Published: 2026-01-27
Last Modified: 2026-01-27
Generated: 2026-06-16
AI Q&A: 2026-01-27
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Vendor: coolsnowwolf
Product: lede
Version / Range: to 25.10.1 (exc)
CWE ID Description
CWE-835 The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Executive Summary

This vulnerability is an infinite loop issue in the BN_mod_sqrt() function within the coolsnowwolf lede project. Specifically, the function can enter a loop with an unreachable exit condition when processing certain inputs, particularly when the modulus p is non-prime. This causes the calculation to never complete, effectively causing the program to hang or become unresponsive. [1]

Impact Analysis

The infinite loop vulnerability can cause the affected system or application to hang or become unresponsive when processing certain inputs. This can lead to denial of service conditions, potentially disrupting normal operations and affecting availability of services relying on the BN_mod_sqrt() function in the coolsnowwolf lede project. [1]

Detection Guidance

This vulnerability is related to an infinite loop in the BN_mod_sqrt() function when processing certain inputs, specifically with a non-prime modulus p. Detection would involve monitoring for processes or functions that hang or consume excessive CPU time due to this infinite loop. Since the issue is in the coolsnowwolf lede package's mt7615d driver embedded security modules, you can check for the presence of vulnerable versions (through r25.10.1) of the software. Specific commands to detect the vulnerability are not provided in the resources. [1]

Mitigation Strategies

The immediate mitigation is to apply the security patch that fixes the infinite loop in the BN_mod_sqrt() function. This patch, originally from OpenSSL addressing CVE-2022-0778, has been merged into the coolsnowwolf/lede repository as of February 17, 2025 (pull request #13346). Updating your system to include this patch or upgrading to a version of lede that includes this fix will mitigate the vulnerability. [1]
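The loop property that the fix restores can be seen in a small added example. This is not the driver's bn_lib code and not the OpenSSL patch: it is a toy 64-bit Tonelli-Shanks square root (the algorithm behind BN_mod_sqrt()), with hypothetical names mod_sqrt and roots_verified, in which both loops have an exit that stays reachable when p is composite.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy arithmetic for this added example: p must be odd and < 2^32 so products fit. */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) { return (a * b) % m; }
static uint64_t powmod(uint64_t b, uint64_t e, uint64_t m) {
    uint64_t r = 1;
    for (b %= m; e; e >>= 1, b = mulmod(b, b, m)) if (e & 1) r = mulmod(r, b, m);
    return r;
}

/* Returns 0 and sets *root on success, -1 if a has no root or p is not prime. */
int mod_sqrt(uint64_t a, uint64_t p, uint64_t *root) {
    if (p < 3 || (p & 1) == 0 || (p >> 32)) return -1;
    a %= p;
    if (a == 0) { *root = 0; return 0; }
    uint64_t q = p - 1, y = 0;
    unsigned e = 0;
    while ((q & 1) == 0) { q >>= 1; e++; }        /* p - 1 = q * 2^e */
    for (uint64_t c = 2; c < p && c < 66; c++)     /* bounded non-residue search */
        if (powmod(c, (p - 1) / 2, p) == p - 1) { y = c; break; }
    if (y == 0) return -1;
    uint64_t z = powmod(y, q, p), x = powmod(a, (q + 1) / 2, p), b = powmod(a, q, p);
    while (b != 1) {                               /* invariant: x*x == a*b (mod p) */
        unsigned i;
        uint64_t t = b, g = z;
        for (i = 1; i < e; i++) {                  /* search for i is capped by e */
            t = mulmod(t, t, p);
            if (t == 1) break;
        }
        if (i >= e) return -1;                     /* nothing found: reject, do not spin */
        for (unsigned j = i + 1; j < e; j++) g = mulmod(g, g, p);
        x = mulmod(x, g, p);
        z = mulmod(g, g, p);
        b = mulmod(b, z, p);
        e = i;                                     /* e strictly shrinks each pass */
    }
    *root = x;
    return 0;
}

/* Counts a in [0, p) with a verified root; -1 if any reported root is wrong. */
int roots_verified(uint64_t p) {
    int n = 0;
    for (uint64_t a = 0, r; a < p; a++)
        if (mod_sqrt(a, p, &r) == 0) { if (mulmod(r, r, p) != a) return -1; n++; }
    return n;
}
int main(void) { printf("%d %d\n", roots_verified(17), roots_verified(85)); return 0; }
```

Because e decreases on every pass of the outer loop and the inner search stops at e, the function returns for every input, including the composite moduli 15, 33, 85 and 561 used as constructed test values.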
